[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Top-level Sighting Object from last meeting
On 30.10.2015 12:29:31, Jerome Athias wrote: > For the record > > https://stixproject.github.io/data-model/1.2/indicator/IndicatorType/ > Valid_Time_Position 0..n ValidTimeType Specifies the time window for > which this Indicator is valid. > > was introduced for some use cases related. > Good point, Jerome, I totally forgot about the Valid_Time_Position property. (Actually, I'm not sure I've ever seen it used in the field!) That said, I prefer the OpenTPX approach of allowing indicators to age gradually rather than the current STIX approach of binary start/stop times. It seems to me ultimately more useful to be able to say, "This indicator is still valid but it is *less* valid than it was 10 days ago" than to say, "This indicator is valid between now and next Wednesday." -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "It is more complicated than you think." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]